Meraki

Community

AutoPilot Hybrid Auth and Meraki Client VPN (VPN not working on lockscreen)

FunT3ch
New here
‎Sep 14 2020 11:41 AM
‎Sep 14 2020 11:41 AM

AutoPilot Hybrid Auth and Meraki Client VPN (VPN not working on lockscreen)

Hey Everyone,

 

I've spent a lot of time searching this issue but can't seem to find much, so hoping someone here has gone through this.

My company is working to implement MS Autopilot, with Hybrid AD join. At this point, we get to the point where all of the functions run, and the last step is for a user to sign in with their AD creds. The step we have to complete before this is to sign into the VPN by clicking the network icon. The VPN has been configured with -AllUserConnection, so should theoretically work from the lockscreen, but we can't get it to connect. If we sign into the computer using a local account, all works as it should, but the actual connection from the lockscreen just doesn't work, and we can't authenticate a sign in.

 

TL;DR - Has anyone gotten their Client VPN to connect from the lock screen? Or have gotten Autopilot with Hybrid Auth to work well?

0 Kudos
1 Reply 1
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 14 2020 1:52 PM
‎Sep 14 2020 1:52 PM

You can't use client VPN to authenticate from the login screen.  The Microsoft Client doesn't allow VPN connections that use PAP to authenticate to do this, and PAP is the only option available to us.

 

What you *might* be able to do is use the command line rasdial.exe to initiate the VPN and run that from a provisioning script (right after creating the VPN might be a good time).  You could use a hardcoded username/password used only for doing the AD join.

 

PhilipDAth_0-1600116676376.png

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.